Closed Bug 300003 Opened 19 years ago Closed 19 years ago

XUL error pages should not have chrome privileges

Categories

(Core :: Security, defect)

defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 292624

People

(Reporter: sync2d, Assigned: dveditz)

Details

(Whiteboard: [sg:dupe 292624])

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8b2) Gecko/20050707 Firefox/1.0+ XUL error pages should not have chrome privileges because any untrusted content can and should be able to load the error pages. The error pages are used by the default in recent Firefox trunk (bug 216466). So exploits can load the error pages automatically and abuse its elevated privileges by bugs such as XSS in Mozilla. see also: bug 28586, bug 286651 Reproducible: Always Steps to Reproduce: Actual Results: XUL error pages have chrome privileges. Expected Results: XUL error pages DOES NOT have chrome privileges.
*** This bug has been marked as a duplicate of 292624 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Group: security
Whiteboard: [sg:dupe 292624]
Group: security
You need to log in before you can comment on or make changes to this bug.